Maxim Beloenko, Qrator Labs: “One notable trend observed in the cybersecurity industry is the increasing complexity of attacks”

Protecting data and communications from cybercriminals is paramount to maintaining a successful public or private enterprise.

As emerging technologies reshape the geopolitical landscape, private, corporate, and commercial organizations must strengthen their cybersecurity measures. Even top-tier VPN and antivirus software may not be enough. Technical solutions should be put in place quickly, and potential vulnerabilities identified and addressed without delay.

For more details on the impact of cyberattacks and the importance of cybersecurity, we interviewed Maxim Beloenko, Vice President of Global Sales at Qrator Labs, a security software company and a leader in DDoS attack mitigation and network filtering solutions.

Would you like to share a little bit about your story? How did Qrator Labs come about?

Qrator Labs was born out of our former initiative, Highload Lab, a consulting firm specializing in high-performance distributed network applications. But the 2008 economic crisis acted as a catalyst for change, prompting us to shift our focus toward the urgent and fascinating issue of DDoS attacks.

This journey began with the creation of a prototype program in 2009, and the formation of a dedicated research team. Our mission was to dive deep into the intricacies of DDoS attacks. We built enough expertise to offer our insights at a national level.

Then, in 2010, a substantial DDoS attack signaled that it was time to stand on our own. We built a distributed network with filtration points, and in September 2010, Qrator Labs took flight as a commercially focused venture dedicated to combating DDoS attacks.

Can you introduce us to what you do? What are the main challenges you help navigate?

The main issues Qrator Labs addresses are ensuring continuous business availability and mitigation of DDoS attacks, which can disrupt a company's website operation or cause significant delays in response time. Such occurrences can damage customer trust and negatively affect a company's bottom line.

We've developed a geo-distributed filtering network dedicated to providing reliable, low-latency web infrastructure protection against any cyberthreats that could lead to network failure. Our filtering network consists of 15 points of presence across the globe connected to transcontinental Tier 1 providers and leading regional backbone Internet providers.

Our unique approach involves continuous, 24/7 work with client traffic, which allows us to consistently "train" our filtering algorithms. Once a client's traffic is connected, it's redirected into the Qrator Labs network and undergoes analysis. In the event of a DDoS attack, our system is designed to automatically filter it out. This enables our customers to learn about such attacks only from their morning analytical reports, without experiencing any service disruptions.

How did the recent global events affect your field of work? Were there any new challenges you had to adapt to?

The recent global events have significantly affected our field of work. They increased the number and duration of DDoS attacks. In 2022, these attacks often lasted hours, sometimes even days. Some instances included continuous attacks, which was a shift from previous patterns of attacks lasting a few minutes.

Another trend was the rise of attacks using IoT devices. Furthermore, there was an increase in criminals commercializing the rental of botnets for attacks on the darknet. It became easier with the decreasing cost of renting VPS in the cloud.

The protection of DNS servers from DDoS attacks also became a crucial issue, not just for service providers but for any company with online services, as these have become essential to operations. This posed a challenge, as companies may overlook DNS server security.

We had to adapt to these changes by implementing comprehensive measures, including diversifying and distributing DNS servers, employing competent administrators, using DNSSEC, and applying specialized DDoS protection measures. These strategies have ensured that, despite the increasing intensity of potential attacks, we maintain the operational capability of DNS servers.

Could you provide an overview of your current role and responsibilities in the field of cybersecurity?

Qrator Labs remains steadfast in our commitment to ensuring application availability or, as it's commonly known, DDoS mitigation. We leverage high-performance hardware and software solutions and real-time traffic analysis and filtering.

That includes functional and stress testing of networks and networking applications, as well as network security audits. Our continuous machine-learning processes are crucial in enhancing our protective measures.

Can you describe what your company's DDoS protection service entails? Which market segments is this service aimed at?

Our service's primary targets are both small and large businesses, in industries such as financial institutions, media, education, e-commerce, tourism, and gaming.

Our offering involves round-the-clock filtering of website traffic at a fixed, predictable monthly cost. It allows for controlled IT budgeting without the need for additional hardware.

How does your company's solution help businesses protect themselves from DDoS attacks?

We aim to ensure our clients' business continuity. We achieve this through complete control over our technology stack, allowing us to customize and seamlessly integrate our solutions to meet the specific needs of each client. With extensive consulting experience, we possess deep expertise in network infrastructure and application development.

This enables us to deliver superior integration, conduct rigorous load testing, and optimize our clients' system performance. We understand that each business is unique. Therefore, we conduct comprehensive audits to tailor our solution to each client's specific requirements. This proactive approach allows us to identify and mitigate potential risks before they turn into threats, offering robust protection against DDoS attacks.

What are some common mistakes businesses make when implementing DDoS prevention measures?

Carelessness is the main advantage for attackers. Many businesses underestimate the likelihood of DDoS attacks, particularly if they have escaped unscathed or only suffered minor incidents before. However, when a large-scale attack hits, perceptions abruptly change. While some are well-prepared for traditional bandwidth-targeted DDoS attacks, they may overlook the growing threat of application-level attacks. These threats disguise themselves within encrypted protocols, mimicking genuine traffic.

Although installing local devices on servers for traffic analysis and cleansing is crucial, it may not offer sufficient protection against volumetric attacks. Many DDoS attacks now target specific business applications. Yet, several companies lag in adopting network-level tools crucial for detecting and blocking such attacks.

Finally, DDoS attacks carry hidden costs beyond direct damages like ransom payments and revenue loss. These include reputational damage, eroded customer trust, and potential regulatory penalties, often overlooked but equally detrimental.

How does the increasing prevalence of IoT devices influence the dynamics of DDoS attacks and their prevention methods?

The year 2016 was pivotal for cybersecurity. DDoS attacks began leveraging internet-connected household devices. The infamous Mirai botnet attack illustrated this shift, utilizing nearly 150,000 smart video cameras, achieving an attack speed of over 600 Gbps.

The appeal of IoT devices to cybercriminals lies in their weak protection: a lack of encryption, unchanged default passwords, and outdated software. Mirai's attack revealed the limitations of federal-level network operators against such threats. It highlighted the need for specialized DDoS protection solutions.

IoT devices remain popular targets, with a surge in such attacks in the past years. The declining cost of renting powerful VPS in the cloud has provided more opportunities for cybercriminals. It removed the necessity to compromise systems for botnets. This development has led to unprecedented network bandwidth attacks. It's set the stage for even faster and more potent attacks in the future.

Can you share any notable trends or shifts you've observed in the cybersecurity industry? How is Qrator Labs adapting to these changes?

One notable trend observed in the cybersecurity industry is the increasing complexity of attacks. According to our report at the start of 2022, most attacks were rather simple. But by the fourth quarter, we saw a significant escalation in their difficulty. Basic attacks had lost their effectiveness as the industry had learned how to counter them. That prompted cybercriminals to raise the difficulty to get results.

In 2023 we expect a surge in Application Layer attacks. These types of attacks, which mimic regular user behavior, are a real challenge to detect and neutralize.

In response to this trend, attackers are focusing more on efficiency rather than volume. They are investing in more advanced and targeted methods, thereby making previously successful defensive tactics obsolete.

We are closely observing these shifts and adapting our strategies and technologies accordingly. Thanks to our continuous R&D activities and improving filtering algorithms we can manage complex, non-standard, and large-scale attacks along with network anomalies.

How equipped is the company to improve its knowledge and security features against the increasing cyber threats?

We've developed a unique BGP Anycast system that announces a single IP address from multiple locations. While this concept might sound straightforward, mastering it requires a profound understanding of global BGP routing protocols and the paths a packet might traverse to reach our infrastructure. This understanding led us to create a mathematical model that predicts traffic distribution in the event of an attack.

One of our notable achievements has been our work with data from CAIDA, a prominent BGP research platform. Initially perceived as a weekend project, it evolved into a three-year endeavor to predict reverse paths - a complex mathematical problem that hadn't been addressed elsewhere. By solving it, we have constructed a more intricate and robust network.

What advice would you give to a company that is looking to improve its defenses against DDoS attacks?

As I previously said, companies must first realize that they could potentially become a target, regardless of their size or sector. Establishing a layered security infrastructure that includes tools like Web Application Firewalls (WAFs) is key.

Technical solutions should be implemented quickly to promptly identify and address any potential vulnerabilities. Any possible data leaks should be monitored 24/7.

Another crucial point is the importance of preparation for periods of increased vulnerability. Events such as online sales, corporate report releases, or digital service launches can attract increased attention from cybercriminals. As such, it's essential to have enhanced defenses in place during these periods.

And finally, don’t hesitate to seek help from cybersecurity professionals.

What’s next for Qrator Labs?

We have an ambitious and strategic roadmap for our future. In terms of geographic expansion, we're planning to broaden our global footprint even more. But our vision for the future isn't just about expanding our locations. When it comes to services, we'll continue focusing on security-related offerings. This is in response to the increasing cyber threats.

At the same time, we're venturing into new sectors and developing new products. Going back to our consulting origins, we aim to optimize network performance. This commitment to diversify signifies our proactive stance in innovating and adapting to the ever-evolving needs of the digital world. So, the future for us at Qrator Labs holds significant growth and a wider range of services.
